Friday, January 26, 2007

Creating Critical System Process in .NET

Yestreday, my home computer was infected by a worm - "Win32/Brontok.A". While cleaning it up I detected that I have TWO lsass.exe processes in the task manager. lsass.exe is a system process of the Microsoft Windows security mechanisms. The worm created lsass.exe in the My Documents folder, launched it and was happily operating on my machine.



And here's most interesting fact, when you try to kill lsass.exe process via task manager, you'll receive warning, like in the picture below.

I used Process Exloperer tool to kill that process and desinfect my computer.
However, it was interesting to see that Task Manager checks process name and not some special things about system process ( digital signature? ).

I created simple console application in C#, named it lsass.exe and voila - I have criticall system process :8-)

Опубліковано V о 1/26/2007 04:41:00 PM

Мітки: ,

4 comments:

  1. AnonymousDec 20, 2007, 4:53:00 PM

    Poor Design,...

    ReplyDelete
  2. VDec 20, 2007, 5:38:00 PM

    I totally agree with you, that's lame bug...

    ReplyDelete
  3. AkankshaMay 26, 2011, 1:57:00 PM

    thanks !

    ReplyDelete
  4. laurenJun 16, 2011, 8:18:00 AM

    I agree with you on the point that and I too detected that I have TWO lsass.exe processes in the task manager. lsass.exe is a system process of the Microsoft Windows security mechanisms. Can you share some more links related to this this information.It will be helpful and informative. Thanks for the sharing information. digital signature software

    ReplyDelete

Subscribe to: Post Comments (Atom)